Why Is Every Information Leak Worse Than Originally Thought?

from the sensing-a-pattern... dept

While there have been an incredible number of stories about data leaks over the past couple of months, one interesting thing is that in so many cases, the companies involved later come out and admit that the problem was much worse than they first admitted. That happened with ChoicePoint and LexisNexis, who both had to come out a second time and admit that the original data breach they discussed wasn't as limited as they had believed. The latest is that the DSW Shoe Warehouse database that was stolen included information (including credit cards) on many, many more people than originally stated. So rather than 100,000 credit cards out there, we're talking 1.4 million. What's unclear, however, is why this is happening. Is it that these companies are so clueless and unable to manage their own data that they don't realize how badly they've leaked data until they do further investigations? Or is that the companies are still trying to hide the nature of the losses until later (maybe spreading them out a bit)? Either way, you'll notice that no one ever seems to correct the damages in the other direction...